
Default Principals AES Keys



Greetings,

I am having a nightmare of a time trying to get AES encryption to work for
a normal TGT.  I can successfully make the master database stash key with:

kstash -e aes128-cts-hmac-sha1-96

I then use kadmin -l to init a REALM.  The default principal is made
with the keys I specify in the config file, as are principals I make.
However, I cannot seem to figure out how to get krbtgt/REALM to use AES.
It only wants to make des and 3des types.

Any ideas?

Config file:

[libdefaults]
default_realm = REALM.EDU
default_keytab_name = /etc/krb5.keytab
permitted_enctypes =  aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1 des-cbc-md5

[realms]
        REALM.EDU = {
                kdc = authserver.mydomain.edu
                admin_server = authserver.mydomain.edu
                default_domain = REALM.EDU
                key_stash_file = /var/heimdal/m-key
                master_key_type = aes128-cts-hmac-sha1-96
                supported_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1 des-cbc-md5
                kdc_supported_enctypes = aes256-cts-hmac-sha1-96 daes128-cts-hmac-sha1-96 des3-cbc-sha1 des-cbc-md5
                default_keys = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1 des-cbc-md5
        }

[kadmin]
default_keys = aes256-cts-hmac-sha1-96:pw-salt aes128-cts-hmac-sha1-96:pw-salt des3-cbc-sha1:pw-salt des-cbc-md5:pw-salt

[domain_realm]
.realm.edu = REALM.EDU
realm.edu = REALM.EDU